The Center for Education and Research in Information Assurance and Security,
or CERIAS, is the world's foremost University center for
multidisciplinary research and education in areas of information security.
Our areas of research include computer, network, and communications security
as well as information assurance.

This site's design is only visible in a graphical
browser that supports
web standards, but its content is accessible to any browser or Internet
device. (Why?)

Steven M. Bellovin,
There Be DragonsAbstract: Our security gateway to the Internet,
research.att.com, provides only a limited set of services. Most
of the standard servers have been replaced by a variety of trap
programs that look for attacks. Using these, we have detected a
wide variety of pokes, ranging from simple doorknob-twisting to
determined assaults. The attacks range from simple attempts to
log in as guest to forged NFS packets. We believe that many other
sites are being probed but are unaware of it: the standard
network daemons do not provide administrators with either
appropriate controls and filters or with the logging necessary to
detect attacks.

Fuat Baran, Howard Kaye, Margarita Suarez,
Security Breaches: Five Recent Incidents at Columbia
UniversityAbstract: During a two-month period (February through
March, 1990) Columbia University was involved in five break-in
incidents. This paper provides a detailed account of each
incident as well as what steps we took,both short-term and
long-term, to reduce the likelihood of future incidents.

Anatoly Ivasyuk,
Unix Admin. Horror Story SummaryAbstract: This is version 1.0 of the unofficial "Unix
Administration Horror Story Summary". This is a summary of the
"Unix Administration Horror Stories" thread which was seen in
comp.unix.admin in October '92.